ZERO DAILY
Hacking, AppSec, and Bug Bounty newsletter
2019-04-30 | Millionaires and merit scholars, Bug bounty tips, and CI Knew there would be bugs here
Tuesday, April 30
TOP STORY
- Millions of IoT devices vulnerable to eavesdropping, credential theft, and remote compromise, reports Krebs. The security flaws involve iLnkP2P, software developed by China-based Shenzhen Yunni Technology.
TWEET OF THE DAY
- Here’s how secure your location data is: Using a burner gmail address and zero verifying info, we got it. No federal law restricts the trade. This isn’t about privacy. It’s about security. - @tonydokoupil
OTHER ARTICLES WE’RE READING
- Cyber Coalition paper on VDP, emphasis on US. “CVD should be a standard component of public & private sector security programs, but not a replacement for other defenses.” Rapid7 policy director has some notes in a Twitter thread.
- I C what you did there… “CI Knew There Would Be Bugs Here” Exploring Continuous Integration Services as a Bug Bounty Hunter by @Rhynorater, @hacker_, and @EdOverflow. Related: Streaak published Keyhacks tool on GH.
- 190K Docker hubs compromised, see thread on Hacker News for more.
- Millionaires and merit scholars: The Hustle covers @try_to_hack, @cablej, CyFi, and more
- @jmalika and @TomNomNom on #bugbounty tips on proving XSS impact.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
CVSS has very little context about the boutique risks of our environment and can’t reach that far into communicating them.